As you may have read previously, when doing some routine maintenance and attempting to finally crack down on all the SPAM that was hitting my inbox, I managed to hose the email stack pretty thoroughly.
I'm sure I could have recovered from it, but it'd been so long since I'd done much maintenance on the system that it seemed like a good time to just go ahead and rebuild from scratch.
I'm really quite glad that I did!
Previously, all the various services were directly installed in the OS, running natively. While that's certainly not a bad thing, it maybe isn't ideal in terms of maintenance/management, especially with other options available today that really weren't when I first set everything up. Namely, docker.
The biggest change is that I've dockerized all the things. My entire email stack is a series of docker containers, this website is a couple, etc.
Part of that email stack includes rspamd instead of spamassassin, which seems to be much more capable. I still get the occasional spam message or two that slip through, but it has been cut DRASTICALLY from what it was (often well over 100+ per day hitting the inbox). It also has a nice web UI so I can keep tabs on statistics of what is and isn't getting through, along with adding, changing and adjusting rules. Seems to be working pretty well I'd say:
Maybe I never had spamassassin configured properly, but it definitely never performed this well for me. The other thing I really like is that out of the box it's set up so that if I move an email from my inbox to the spam folder, or vice versa, it will automatically "learn" that message is spam, or ham.
The other really fantastic thing this mail stack included was traefik, which I had certainly never heard of before but now that I have it — I'm never going back to the old way again.
Suppose I want to set up a new web service as a subdomain. No problem, all I'd need to do is add a couple labels to my docker-compose entry for said service, something like this, for example:
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:foobar.willvincent.com
      - traefik.docker.network=http_network
      - traefik.port=3333
The first one is obvious: it enables traefik routing for this item. The second sets up a rule so that when the request's hostname matches the one specified, this container is the backend traefik routes to. Then we specify the docker network to use and the port on this docker container to route traffic to via that network. Pretty simple... It even goes out and fetches a letsencrypt cert for me automagically too!
It's server-management love.
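Since each set of labels publishes a container under a hostname, it helps to be able to list what is actually routed. The following is an added example, not code from this site's setup: it audits label lists in the syntax shown above, and the services `metrics`, `clone` and `db` are hypothetical, constructed sample data.

```python
from collections import defaultdict

# Constructed sample: service name -> its docker-compose "labels" list.
SERVICES = {
    "foobar": [
        "traefik.enable=true",
        "traefik.frontend.rule=Host:foobar.willvincent.com",
        "traefik.docker.network=http_network",
        "traefik.port=3333",
    ],
    # Hypothetical: enabled, but with no explicit rule or port.
    "metrics": ["traefik.enable=true", "traefik.docker.network=http_network"],
    "clone": [  # Hypothetical: reuses a hostname that is already routed.
        "traefik.enable=true",
        "traefik.frontend.rule=Host:foobar.willvincent.com",
        "traefik.docker.network=http_network",
        "traefik.port=8080",
    ],
    "db": ["traefik.enable=false"],
}
REQUIRED = ("traefik.frontend.rule", "traefik.docker.network", "traefik.port")

def parse_labels(labels):
    """Turn ['key=value', ...] into a dict, splitting on the first '=' only."""
    return dict(item.split("=", 1) for item in labels)

def hosts_from_rule(rule):
    """Extract hostnames from a 'Host:a,b' rule; other matchers are ignored."""
    hosts = []
    for part in rule.split(";"):
        name, _, value = part.partition(":")
        if name.strip() == "Host":
            hosts += [h.strip().lower() for h in value.split(",") if h.strip()]
    return hosts

def audit(services):
    """Return (routes, findings): host -> [(service, network, port)], plus warnings."""
    routes, findings = defaultdict(list), []
    for name, labels in services.items():
        cfg = parse_labels(labels)
        if cfg.get("traefik.enable", "").lower() != "true":
            continue  # not routed by these labels
        findings += [f"{name}: enabled but {k} is not set explicitly"
                     for k in REQUIRED if k not in cfg]
        for host in hosts_from_rule(cfg.get("traefik.frontend.rule", "")):
            routes[host].append((name, cfg.get("traefik.docker.network"), cfg.get("traefik.port")))
    for host, targets in routes.items():
        if len(targets) > 1:
            findings.append(f"{host}: routed to multiple services: " + ", ".join(t[0] for t in targets))
    return dict(routes), findings
```

Calling `audit(SERVICES)` returns the hostname-to-backend table and a list of findings to review before a new service goes live.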
The email stack I selected is the Hardware Mailserver. It's really complete in what it provides, and I'm satisfied. In fact, it's so complete there are several features it provides that I've disabled because I just don't need them.
As for other stuff – I manually recreated most of the content from my old website within this new site as well. Most of it didn't get a lot of traffic, but there are a few of those older posts that still regularly generate a lot of hits, so I wanted to make sure that information remained accessible to people.
In summary:
- docker – good
- traefik – really good
- server – unbroken
- spam – less
- me – happier